Blog Posts Tagged with "Cloud Security"

Monitoring the performance of your MSSP is cheap insurance- the last thing you want to face is a failure of your service and the need to rebuild an in-house program. You thought getting all that data pushed out to the MSSP was a pain- just imagine trying to get it back...

The government, which had originally seized files and still apparently holds all of Megaupload's financial assets, had argued that it had no obligation to make sure the files of innocent Megaupload users were returned and, in fact, believed that they could be destroyed...

Is trust a binary decision? Can you trust something to varying levels? These are important questions for any security professional to have good answers to. Applying this logic to computing - can we ever really trust any computer environment, system, or application?

This tension between old and new is interesting to watch and has some interesting parallels within organizations. I’m talking about the tension that exists between IT and business units. The former who want to ensure security and control, the latter who simply want to get stuff done...

On the side of IT it’s all about security, control and transparency. On the side of the business, it’s years of frustration at slow and cumbersome IT procurement processes – they want to get stuff done. It’s fair to say that we’re still in the Wild West of cloud adoption...

"Zeus captures a screenshot of a Ceridian payroll services web page when a corporate user whose machine is infected... visits this website. This allows Zeus to steal the user id, password, company number and the icon selected by the user for the image-based authentication system..."

Does the government have a responsibility to protect innocent third parties from collateral damage when it seizes their property in the course of prosecuting alleged copyright infringement? That is the question a federal district court will consider...

Even as companies are adapting to this new paradigm, there are growing concerns about the safety of their data in the cloud. Incidents at cloud service providers like Dropbox highlight dangers of storing information in the cloud...

Cisco, Juniper, Oracle, and Microsoft might have security initiatives and even good sales of security products. But security takes a back seat to functionality too often. Why are there no secure switches? Secure apps for Windows? Or secure databases?

We need to ensure that legislation and regulations for cloud services truly reflect the realities of the cloudy world we live in and do not allow for a shotgun approach to compliance that primarily meets the needs of just one powerful interest group...

Do you backup data? One of the problems with getting a small businesses to secure data is they think they need to load up thumbdrives, DVDs or tape devices manually. This is in fact tedious and overwhelming. I’ve got news for you, data backup is easy...

The proliferation of comprehensive data privacy laws, more or less on the European model, increasingly requires US-based multinationals and online companies to adapt to strict requirements for dealing with individuals in other countries...

We need to entrust information security to professionals who not only know the fundamental principles and technologies, but are also able to understand and support the business's goals in order to influence and contribute positively to the ongoing infosec challenge...

Ever since the MegaUpload case, when innocent customers of an admittedly generally dodgy cloud service lost their data after a global take-down notice, it has concerned me that more mainstream vendors might have an impending issue they need to think about...

If you have parts of your infrastructure outsourced, go over your contracts with your providers. You want them to be able to give you logs within a few minutes of the request and have the right technical support without fighting your way through first-level script-readers...

Organisations need to ask cloud providers to disclose security controls and how they are implemented, and consuming organisations need to know which controls are needed to maintain the security of their information. Lack of thoroughness can lead to detrimental outcomes...